Newsletter July 12


You will be happy to know that this e-zine goes to more than seven thousand select security professionals around the world as direct mail and is also placed on the ICISS web-site. The link to the web-site is given below –

I actively encourage you to join the ICISS Group at ‘LinkedIn’ and also to motivate other security professionals to do likewise. I am confident that by becoming an active member of the ICISS Group, not only will you benefit professionally; the profession itself will benefit from your active support and contribution. The link to the ICISS Group at LinkedIn is given below –


Newsletter: July 2012
Let’s professionalize the professionals…
http://ww /sbtyagi/iciss

Aurora theatre suspect James Holmes stockpiled 6,000 rounds of ammunition online.

Spend just a few minutes browsing the internet and it becomes clear how James Holmes was able to stockpile 6,000 rounds of ammunition without any alarms sounding. “The Guardian” did a little research on the internet and found that huge amounts of ammunition can be purchased online in a matter of minutes and can be shipped straight to customers’ doors, no questions asked. Yet those familiar with gun ownership in the US are unlikely to have been surprised.

Luckygunner is one of many websites which allow for the purchase of lots of rounds at knockdown prices. On the website one can buy 1,000 .223, 62 grain TulAmmo rounds, which can be fired by an AR15 assault rifle, for just $250, or 25 cents a round. Luckygunner stocks Fiocchi .223 Remington rounds in boxes of 1,000, described as "perfect for your AR-15!". When “The Guardian” perused the website on Monday there were 41 boxes in stock. Again, “The Guardian” were able to follow the purchasing procedure through – potentially getting 41,000 rounds delivered within three days, for $17,428.39.
Courtesy: Col D R Semwal (callsamydr@yahoo.com)

He is highly experienced (29 years’ service in the Indian Army) with proven skills in managing safety and security issues of establishments, managing large human resource deployments, logistics & mobility. Col. Semwal has experience of & passion for the protection of ecology & environment. He changed the face of Delhi in the Bhati Mines Area while he was commanding the Eco-Battalion of the Territorial Army in Delhi and turned it into a lush green area! He was successful in the restoration of mining land by afforestation activities in coordination with the Deptt of Environment, Government of … He has vast experience and knowledge in Industrial Security and Safety in combination with expertise related to Environment and Ecology. He is deeply committed to the field of SHSE (Security; Health, Safety & Environment). He is ICISS Councilor for the NCR Region.

Today it’s significantly different! Yesterday we operated with fences, gates, guards and cameras. We were worried about people taking minor items out of the workplace. But the fences, guards and gates are not as important these days for many businesses. An IT services company that prides itself on its relaxed and open philosophy is unlikely to appreciate a security leader whose focus is on locking the employee population out of newer communication technologies, for example. Staff and management may look at that individual as a roadblock to be surmounted rather than a partner. Planning for an access control system needs an innovative approach and deep knowledge of the business and work-culture of the organization. It calls for not only keeping the bad guys out but also encouraging the good guys to come in without hassle!

Physical access by a person may be allowed depending on payment, authorization, etc. Also there may be one-way traffic of people. These can be enforced by personnel such as a border guard, a doorman, a ticket checker, etc., or with a device such as a turnstile. There may be fences to avoid circumventing this access control. An alternative to access control in the strict sense (physically controlling access itself) is a system of checking authorized presence, see e.g. ticket controller (transportation). A variant is exit control, e.g. of a shop (checkout) or a country.

In physical security, the term access control refers to the practice of restricting entrance to a property, a building, or a room to authorized persons. Physical access control can be achieved by a human (a guard, bouncer, or receptionist), through mechanical means such as locks and keys, or through technological means such as access control systems like the mantrap. Within these environments, physical key management may also be employed as a means of further managing and monitoring access to mechanically keyed areas or access to certain small assets.

Physical access control is a matter of who, where, and when. An access control system determines who is allowed to enter or exit, where they are allowed to exit or enter, and when they are allowed to enter or exit. Historically this was partially accomplished through keys and locks. When a door is locked only someone with a key can enter through the door, depending on how the lock is configured. Mechanical locks and keys do not allow restriction of the key holder to specific times or dates. Mechanical locks and keys do not provide records of the key used on any specific door, and the keys can be easily copied or transferred to an unauthorized person. When a mechanical key is lost or the key holder is no longer authorized to use the protected area, the locks must be re-keyed.
Electronic access control uses computers to solve the limitations of mechanical locks and keys. A wide range of credentials can be used to replace mechanical keys. The electronic access control system grants access based on the credential presented. When access is granted, the door is unlocked for a predetermined time and the transaction is recorded. When access is refused, the door remains locked and the attempted access is recorded. The system will also monitor the door and alarm if the door is forced open or held open too long after being unlocked.

When a credential is presented to a reader, the reader sends the credential’s information, usually a number, to a control panel, a highly reliable processor. The control panel compares the credential number to an access control list, grants or denies the presented request, and sends a transaction log to a database. When access is denied based on the access control list, the door remains locked. If there is a match between the credential and the access control list, the control panel operates a relay that in turn unlocks the door. The control panel also ignores a door open signal to prevent an alarm. Often the reader provides feedback, such as a flashing red LED for an access denied and a flashing green LED for an access granted.

The above description illustrates a single factor transaction. Credentials can be passed around, thus subverting the access control list. For example, Alice has access rights to the server room but Bob does not. Alice either gives Bob her credential or Bob takes it; he now has access to the server room. To prevent this, two-factor authentication can be used. In a two factor transaction, the presented credential and a second factor are needed for access to be granted; another factor can be a PIN, a second credential, operator intervention, or a biometric input.

There are three types (factors) of authenticating information:
• something the user knows, e.g. a password, pass-phrase or PIN
• something the user has, such as a smart card
• something the user is, such as a fingerprint, verified by biometric measurement

Passwords are a common means of verifying a user’s identity before access is given to information systems. In addition, a fourth factor of authentication is now recognized: someone you know, where another person who knows you can provide a human element of authentication in situations where systems have been set up to allow for such scenarios. For example, a user may have their password, but have forgotten their smart card. In such a scenario, if the user is known to designated cohorts, the cohorts may provide their smart card and password in combination with the extant factor of the user in question and thus provide two factors for the user with the missing credential, and three factors overall to allow access.

A credential is a physical/tangible object, a piece of knowledge, or a facet of a person’s physical being, that enables an individual access to a given physical facility or computer-based information system. Typically, credentials can be something you know (such as a number or PIN), something you have (such as an access badge), something you are (such as a biometric feature) or some combination of these items. The typical credential is an access card, key fob, or other key. There are many card technologies including magnetic stripe, bar code, Wiegand, 125 kHz proximity, 26 bit card-swipe, contact smart cards, and contactless smart cards. Also available are key-fobs which are more compact than ID cards and attach to a key ring. Typical biometric technologies include fingerprint, facial recognition, iris recognition, retinal scan, voice, and hand geometry.
An access control point, which can be a door, turnstile, parking gate, elevator, or other physical barrier where granting access can be electronically controlled. Typically the access point is a door. An electronic access control door can contain several elements. At its most basic there is a stand-alone electric lock. The lock is unlocked by an operator with a switch. To automate this, operator intervention is replaced by a reader. The reader could be a keypad where a code is entered, it could be a card reader, or it could be a biometric reader. Readers do not usually make an access decision but send a card number to an access control panel that verifies the number against an access list. To monitor the door position a magnetic door switch is used. In concept the door switch is not unlike those on refrigerators or car doors. Generally only entry is controlled and exit is uncontrolled. In cases where exit is also controlled a second reader is used on the opposite side of the door. In cases where exit is not controlled, free exit, a device called a request-to-exit (RTE) is used. Request-to-exit devices can be a push-button or a motion detector. When the button is pushed or the motion detector detects motion at the door, the door alarm is temporarily ignored while the door is opened. Exiting a door without having to electrically unlock the door is called mechanical free egress. This is an important safety feature. In cases where the lock must be electrically unlocked on exit, the request-to-exit device also unlocks the door.

Access control decisions are made by comparing the credential to an access control list. This lookup can be done by a host or server, by an access control panel, or by a reader. The development of access control systems has seen a steady push of the lookup out from a central host to the edge of the system, or the reader. The predominant topology circa 2009 is hub and spoke with a control panel as the hub and the readers as the spokes. The lookup and control functions are by the control panel. The spokes communicate through a serial connection; usually RS485. Some manufacturers are pushing the decision making to the edge by placing a controller at the door. The controllers are IP enabled and connect to a host and database using standard networks.

Access control readers may be classified by the functions they are able to perform –
• Basic (non-intelligent) readers: simply read the card number or PIN and forward it to a control panel. In case of biometric identification, such readers output the ID number of a user. Typically the Wiegand protocol is used for transmitting data to the control panel, but other options such as RS-232, RS-485 and Clock/Data are not uncommon. This is the most popular type of access control reader. Examples of such readers are RF Tiny by RFLOGICS, ProxPoint by HID, and P300 by Farpointe Data.
• Semi-intelligent readers: have all inputs and outputs necessary to control door hardware (lock, door contact, exit button), but do not make any access decisions. When a user presents a card or enters a PIN, the reader sends information to the main controller and waits for its response. If the connection to the main controller is interrupted, such readers stop working or function in a degraded mode. Usually semi-intelligent readers are connected to a control panel via an RS-485 bus. Examples of such readers are InfoProx Lite IPL200 by CEM Systems and AP-510 by Apollo.
• Intelligent readers: have all inputs and outputs necessary to control door hardware; they also have the memory and processing power necessary to make access decisions independently. Same as semi-intelligent readers, they are connected to a control panel via an RS-485 bus. The control panel sends configuration updates and retrieves events from the readers. Examples of such readers could be InfoProx IPO200 by CEM Systems and AP-500 by Apollo.

The most common security risk of intrusion of an access control system is simply following a legitimate user through a door. Often the legitimate user will hold the door for the intruder. This risk
can be minimized through security awareness training of the user population or more active means such as turnstiles. In very high security applications this risk is minimized by using a sally port, sometimes called a security vestibule or mantrap, where operator intervention is required presumably to assure valid identification.

The second most common risk is from levering the door open. This is surprisingly simple and effective on most doors. The lever could be as small as a screw driver or as big as a crow bar. Fully implemented access control systems include forced door monitoring alarms. These vary in effectiveness, usually failing from high false positive alarms, poor database configuration, or lack of active intrusion monitoring.

Similar to levering is crashing through cheap partition walls. In shared tenant spaces the divisional wall is a vulnerability. Along the same lines is breaking sidelights. Spoofing locking hardware is fairly simple and more elegant than levering. A strong magnet can operate the solenoid controlling bolts in electric locking hardware. Motor locks, more prevalent in Europe than in the US, are also susceptible to this attack using a donut shaped magnet. It is also possible to manipulate the power to the lock, either by removing or adding current.

Access cards themselves have proven vulnerable to sophisticated attacks. Enterprising hackers have built portable readers that capture the card number from a user’s proximity card. The hacker simply walks by the user, reads the card, and then presents the number to a reader securing the door. This is possible because card numbers are sent in the clear, no encryption being used.

Finally, most electric locking hardware still has mechanical keys as a fail-over. Mechanical key locks are vulnerable to bumping.

[Figure: Components of Access Control System – PC, Card Reader, Printer, Door Controller, Drop barrier, Motorised vehicle tripod barrier, Turnstile]
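The reader-to-panel exchange described above (the credential number forwarded by a basic reader, the access control list lookup, the lock relay, the transaction log, the door contact with its forced-door and held-open alarms, and the two-factor case where Bob presents Alice's card) simulated in Python. This is an added example written for this edition, not code from the newsletter or from any reader or panel vendor. It assumes the common 26-bit Wiegand layout (an even parity bit, an 8-bit facility code, a 16-bit card number and an odd parity bit), which the article names but does not spell out; the names Panel, present, door_contact and request_to_exit, the sample credential (123, 45678) and the PIN 2468 are the example's own, constructed values.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Credential = Tuple[int, int]  # (facility code, card number) as carried on the wire


def encode_wiegand26(facility: int, card: int) -> str:
    """Build a 26-bit Wiegand frame (even parity, 8-bit facility code,
    16-bit card number, odd parity). Used here only to construct sample input."""
    if not (0 <= facility < 256 and 0 <= card < 65536):
        raise ValueError("field out of range for a 26-bit frame")
    data = f"{facility:08b}{card:016b}"
    p_even = str(data[:12].count("1") % 2)      # first 13 bits end up even
    p_odd = str(1 - data[12:].count("1") % 2)   # last 13 bits end up odd
    return p_even + data + p_odd


def decode_wiegand26(frame: str) -> Optional[Credential]:
    """Return (facility, card) for a well-formed frame, None on bad length or parity.
    Note what is not here: no key, no challenge; the number is plain binary."""
    if len(frame) != 26 or set(frame) - {"0", "1"}:
        return None
    if frame[:13].count("1") % 2 != 0 or frame[13:].count("1") % 2 != 1:
        return None
    return int(frame[1:9], 2), int(frame[9:25], 2)


@dataclass
class Panel:
    """Hub of a hub-and-spoke system: readers forward numbers, the panel decides,
    drives the lock relay, watches the door contact and keeps the transaction log."""
    acl: Dict[Credential, str]                       # credential -> holder name
    pins: Dict[Credential, str] = field(default_factory=dict)
    two_factor: bool = False                         # require card + PIN
    unlock_seconds: float = 5.0                      # relay pulse / alarm shunt window
    held_open_limit: float = 30.0                    # seconds open before alarm
    log: List[str] = field(default_factory=list)     # stands in for the database
    unlocked_until: float = -1.0
    door_open_since: Optional[float] = None

    def _record(self, now: float, outcome: str, detail: str) -> str:
        self.log.append(f"t={now:.0f} {outcome}: {detail}")
        return outcome

    def present(self, frame: str, now: float, pin: Optional[str] = None) -> str:
        """Credential presented at the entry reader; returns 'granted' or 'denied'."""
        cred = decode_wiegand26(frame)
        if cred is None:
            return self._record(now, "denied", "malformed frame")
        holder = self.acl.get(cred)
        if holder is None:
            return self._record(now, "denied", f"{cred} not in ACL")
        if self.two_factor and pin != self.pins.get(cred):
            return self._record(now, "denied", f"{holder}'s card without matching PIN")
        self.unlocked_until = now + self.unlock_seconds   # energise the lock relay
        return self._record(now, "granted", holder)

    def request_to_exit(self, now: float) -> None:
        """RTE button or motion sensor: shunt the door alarm (and unlock) for exit."""
        self.unlocked_until = max(self.unlocked_until, now + self.unlock_seconds)

    def door_contact(self, is_open: bool, now: float) -> Optional[str]:
        """Magnetic door switch input. Returns an alarm name or None."""
        if not is_open:
            self.door_open_since = None
            return None
        if self.door_open_since is None:                 # closed -> open edge
            self.door_open_since = now
            if now > self.unlocked_until:                # nobody released the lock
                return self._record(now, "forced_door", "opened while locked")
            return None
        if now - self.door_open_since > self.held_open_limit:
            return self._record(now, "held_open", "door propped after valid entry")
        return None


def demo() -> List[str]:
    """Walk through the article's cases with a constructed credential and PIN."""
    alice = (123, 45678)
    panel = Panel(acl={alice: "Alice"}, pins={alice: "2468"}, two_factor=True)
    frame = encode_wiegand26(*alice)
    panel.present(frame, now=0)                # Bob with Alice's card, no PIN
    panel.present(frame, now=1, pin="2468")    # Alice: card + PIN, relay pulses
    panel.door_contact(True, now=2)            # opened inside the window: fine
    panel.door_contact(True, now=40)           # still open 38 s later: held open
    panel.door_contact(False, now=41)
    panel.door_contact(True, now=100)          # levered open while locked
    return panel.log


if __name__ == "__main__":
    print("\n".join(demo()))
```

The decoder is deliberately the whole of what a panel can check on a Wiegand line: parity and length. Anyone who has captured a frame holds everything needed to replay it, which is the weakness the article's card-cloning paragraph describes, and why a second factor at the reader and a door contact that reports forced and held-open conditions are worth more than a longer card number.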
Forwarded by - Col NN Bhatia, Veteran (narindra_bhatia@hotmai

Appears to be another credit / debit card scam starting to make the rounds. Beware! - just received from a friend in Sydney. Well worth a read....

There is a new and clever credit card scam - be wary of those who come bearing gifts. Please circulate this to everyone you know, especially your family and friends. It just happened to friends of ours a week or so ago in Singapore, and it can pretty well now be happening anywhere else in the world.

It works like this: Wednesday a week ago, I had a phone call from someone who said that he was from some outfit called "Express Couriers" asking if I was going to be home because there was a package for me, and the caller said that the delivery would arrive at my home in roughly an hour. And sure enough, about an hour later, a deliveryman turned up with a beautiful basket of flowers and wine. I was very surprised since it did not involve any special occasion or holiday, and I certainly didn't expect anything like it.

Intrigued about who would send me such a gift, I inquired as to who the sender was. The deliveryman's reply was, he was only delivering the gift package, but allegedly a card was being sent separately (the card has never arrived!). There was also a consignment note with the gift. He then went on to explain that because the gift contained alcohol, there was a $3.50 "delivery charge" as proof that he had actually delivered the package to an adult, and not just left it on the doorstep to be stolen or taken by anyone. This sounded logical and I offered to pay him cash. He then said that the company required the payment to be by credit or debit card only so that everything is properly accounted for.

My husband, who, by this time, was standing beside me, pulled out of his wallet his credit/debit card, and John, the "delivery man", asked my husband to swipe the card on the small mobile card machine which had a small screen and keypad, where Frank was also asked to enter the card's PIN and security number. A receipt was printed out and given to us.

To our surprise, between Thursday and the following Monday, $4,000 had been charged/withdrawn from our credit/debit account at various ATM machines, particularly in the north shore area! It appears that somehow the "mobile credit card machine" which the deliveryman carried was able to duplicate and create a "dummy" card(?) with all our card details, after my husband swiped our card and entered the requested PIN and security number.

Upon finding out the illegal transactions on our card, of course, we immediately notified the bank which issued us the card, and our credit/debit account had been closed. We also personally went to the Police, where it was confirmed that it is definitely a scam because several households have been similarly hit.

Warning: Be wary of accepting any "surprise gift or package", which you neither expected nor personally ordered, especially if it involves any kind of payment as a condition of receiving the gift or package. Also, never accept anything if you do not personally know and/or there is no proper identification of who the sender is. Above all, the only time you should give out any personal credit/debit card information is when you yourself initiated the purchase or transaction!
Following is the reproduction of an e-mail received by one acquaintance which appears to be benevolent in nature! However, on further investigation it was found that it was an attempt to gather important personal / financial information. The given link, with lots of difficulty, got connected after repeated attempts over three months’ time, but only for a short while and without getting any useful information, indicating that these were non-functional URLs. The yellow button asking to "click here to activate your account" was sending the information to a third party! Readers are advised not to respond to such mails unless they verify the background of the sender of the mails.

Information Regarding Your account:

Dear PayPal Member! Attention! Your PayPal account has been violated! Someone with IP address 86.34.211.83 tried to access your personal account! Please click the link below and enter your account information to confirm that you are not currently away. You have 3 days to confirm account information or your account will be locked.

Click here to activate your account

You can also confirm your email address by logging into your PayPal account at http://www.payp Click on the "Confirm email" link in the Activate Account box and then enter this confirmation number: 1099-81971-4441-9833-3990

Thank you for using PayPal! - The PayPal Team
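A defender's-side check for mail like the one reproduced above, written as an added example for this edition and not part of the newsletter: it pulls the anchors out of an HTML body, flags link targets outside the brand's own domain, raw-IP targets, visible URLs that differ from the real href (the "click here" trick the note describes), and the pressure phrases used in this message. The sample body is constructed to mirror the PayPal text above; its link targets are invented (an example.net host and an address from the 203.0.113.0/24 documentation range), paypal.com is assumed as the brand's legitimate domain, and the function names are the example's own.

```python
from html.parser import HTMLParser
from typing import Dict, List, Set, Tuple
from urllib.parse import urlparse

# Constructed sample modelled on the message reproduced above. The link targets are
# invented: a throwaway example.net host and an address from the documentation range.
SAMPLE_MAIL = """<html><body>
<p>Dear PayPal Member! Attention! Your PayPal account has been violated!</p>
<p>You have 3 days to confirm account information or your account will be locked.</p>
<p><a href="http://paypal.account-verify.example.net/login">Click here to activate your account</a></p>
<p>You can also confirm your email address by logging in at
<a href="http://203.0.113.7/confirm">http://www.paypal.com</a></p>
</body></html>"""

# Pressure phrases lifted from the reproduced mail; matched case-insensitively.
URGENCY_PHRASES = ("has been violated", "attention!", "days to confirm", "will be locked")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every anchor in the body."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host: str) -> str:
    """Last two labels of a host name: a rough stand-in for the registrable domain
    (no public-suffix list here), enough to catch brand.something.example.net tricks."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def is_ipv4(host: str) -> bool:
    parts = host.split(".")
    return len(parts) == 4 and all(p.isdigit() and int(p) < 256 for p in parts)


def analyse(html: str, brand_domains: Set[str]) -> Dict[str, List[str]]:
    """Return the phishing indicators found in one HTML mail body."""
    collector = LinkCollector()
    collector.feed(html)
    found: Dict[str, List[str]] = {
        "off_brand_links": [], "ip_links": [], "text_href_mismatch": [], "urgency": []}
    for href, text in collector.links:
        host = urlparse(href).hostname or ""
        if is_ipv4(host):
            found["ip_links"].append(href)
        if registrable(host) not in brand_domains:
            found["off_brand_links"].append(href)
        if text.lower().startswith(("http://", "https://", "www.")):
            shown = urlparse(text if "://" in text else "http://" + text).hostname or ""
            if registrable(shown) != registrable(host):
                found["text_href_mismatch"].append(f"{text} -> {href}")
    lower = html.lower()
    found["urgency"] = [p for p in URGENCY_PHRASES if p in lower]
    return found


if __name__ == "__main__":
    for kind, hits in analyse(SAMPLE_MAIL, {"paypal.com"}).items():
        print(f"{kind}: {hits}")
```

The registrable-domain check is the one that matters most here: a host such as paypal.account-verify.example.net starts with the brand name precisely so that a reader who only looks at the first label is reassured, and a two-label comparison is the cheapest way to see past that. A production filter would substitute a public-suffix list for the two-label heuristic.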
Please take a minute from your busy schedule and read this letter. I assure you that you will not regret it. Imagine yourself in a car zooming at high speed and suddenly you see the driver has gone to sleep; before you can take control of the situation, a loud bang! All is finished! Your car had all the gadgets but did not have NONAP, an inexpensive safety device.

More than 2 million people die and an equal number are injured in accidents caused by dozing / drowsy / sleepy drivers. All of us are at risk of drowsy driving; we live in a twenty four hour society where a lot of people are tired all the time. At 60 mph, if you close your eyes for a second you have traveled 88 feet. Much worse, drowsy drivers’ judgment is impaired and sleepiness induces tunnel vision; it’s a recipe for an accident.

Accidents by dozing drivers are generally fatal because
• Dozing drivers do not brake before an accident
• The impact is at high speed and this can be fatal.

Drowsiness / sleepiness is a red alert
• Do not build sleep debt
• Adequate rest before a long journey is recommended
• Use doze off alert gadgets

We manufacture and purchase the most expensive cars with the latest comfort gadgets but have never thought of manufacturing a safety device which could warn the driver and co-passengers when the driver is in danger of dozing off, preventing a possible accident. At last we have developed an intelligent safety device.

Functional Description
When the gadget is active and the driver’s head falls forward due to drowsiness, the intelligent NONAP will buzz loudly and instantly bring the driver to full concentration. The gadget gives the alarm at a preset angle. The angle can be varied according to requirement. The gravity switch inside the gadget keeps track of the position of the driver’s head. If not in use, the switch should be kept at the OFF position.

Salient Features
• Very light weight
• Compact and ergonomically designed
• Low maintenance cost
• Easy to use and very cost effective
• Low cost and high reliability

For more information – Visit: http:// om/nni-fd.htm
Bringing together senior-level security, business resilience and safety personnel, this must attend event will address key topics in the form of case studies and cover aspects of the value chain, particularly in upstream and midstream oil and gas operations, including:
• Security and Patrol Forces
• Satellite and Surveillance
• Telecommunications Data Feeds, Analysis and Instant Interpretation
• Technologies used for Cyber and Maritime Security
• Security Risk Analysis
• Fencing and Other Physical Security Measures, Sensors
• CCTV, Infrared, SCADA
• Information Security
• Insurance and Liability
• Acts of Militancy and Terrorism
• Activism, Corporate Social Responsibility
Suggestions & feedback may be sent to us on e-mail: captsbtyagi@y .in

P.S. - If you don’t like to receive our newsletter, we apologize for bothering you. Please let us know your mail address, we will move it out of our contact list, thank you!